Andrew's Web Libraries (AWL)
Session Class Reference

Public Member Functions

 __construct ( $sid="")
 
 Log ( $whatever)
 
 Dbg ( $whatever)
 
 AllowedTo ( $whatever)
 
 GetRoles ()
 
 AssignSessionDetails ( $u)
 
 Login ( $username, $password, $authenticated=false)
 
 LSIDLogin ( $lsid)
 
 RenderLoginPanel ()
 
 LoginRequired ( $groups="")
 
 EmailTemporaryPassword ( $username, $email_address, $body_template="")
 
 SendTemporaryPassword ()
 
 _CheckLogin ()
 
 FormattedDate ( $indate, $type='date')
 
 BuildConfirmationHash ( $method, $varname)
 
 CheckConfirmationHash ( $method, $varname)
 

Static Public Member Functions

static _CheckLogout ()
 

Public Attributes

 $roles
 
 $cause = ''
 
 $user_no
 
 $session_id = 0
 
 $username = 'guest'
 
 $fullname = 'Guest'
 
 $email = ''
 
 $logged_in = false
 
 $just_logged_in = false
 
 $last_session_start
 
 $last_session_end
 

Detailed Description

Definition at line 58 of file Session.php.

Constructor & Destructor Documentation

◆ __construct()

Session::__construct (   $sid = "")

Create a new Session object.

If a session identifier is supplied, or we can find one in a cookie, we validate it and consider the person logged in. We read some useful session and user data in passing as we do this.

The session identifier contains a random value, hashed, to provide validation. This could be hijacked if the traffic was sniffable, so sites that are paranoid about security should only do this across SSL.

A worthwhile enhancement would be to add some degree of external configurability to that read.

Parameters
string $sid: A session identifier.

We regularly want to override the SQL for joining against the session record, so the calling application can define a function local_session_sql() which will return the SQL to join (up to and excluding the WHERE clause). The standard SQL used if this function is not defined is: SELECT session.*, usr.* FROM session JOIN usr ON ( user_no )

Definition at line 145 of file Session.php.

Member Function Documentation

◆ _CheckLogin()

Session::_CheckLogin ( )

The authentication has happened in the server, and we should accept it if so.

Definition at line 823 of file Session.php.

◆ AllowedTo()

Session::AllowedTo (   $whatever)

Checks whether a user is allowed to do something.

The check is performed to see if the user has that role.

Parameters
string $whatever: The role we want to know if the user has.
Returns
boolean Whether or not the user has the specified role.

Definition at line 264 of file Session.php.

◆ AssignSessionDetails()

Session::AssignSessionDetails (   $u)

Internal function used to assign the session details to a user's new session.

Parameters
object $u: The user+session object we (probably) read from the database.

Definition at line 287 of file Session.php.

◆ BuildConfirmationHash()

Session::BuildConfirmationHash (   $method,
  $varname 
)

Build a hash which we can use for confirmation that we didn't get e-mailed a bogus link by someone, and that we actually got here by traversing the website.

Parameters
string $method: Either 'GET' or 'POST' depending on the way we will use this.
string $varname: The name of the variable which we will confirm.
Returns
string A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair).

We include session_start in this because it is never passed to the client and since it includes microseconds would be very hard to predict.

Definition at line 904 of file Session.php.

◆ CheckConfirmationHash()

Session::CheckConfirmationHash (   $method,
  $varname 
)

Check a hash which we created through BuildConfirmationHash.

Parameters
string $method: Either 'GET' or 'POST' depending on the way we will use this.
string $varname: The name of the variable which we will confirm.
Returns
string A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair).

Definition at line 927 of file Session.php.
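
The build/check pair described for BuildConfirmationHash() and CheckConfirmationHash(), as an added example that is not AWL's own implementation. The class name, the per-session secret key, the HMAC-SHA256 construction and the sample values are assumptions made for illustration; only the use of a server-side session start time with microseconds comes from the page.

```php
<?php
// Added illustration, not AWL code. ConfirmationDemo and its fields are
// hypothetical stand-ins for the session values the page mentions.
final class ConfirmationDemo
{
    private string $sessionStart;  // server-side only, includes microseconds
    private string $sessionKey;    // assumed per-session random secret

    public function __construct(string $sessionStart, string $sessionKey)
    {
        $this->sessionStart = $sessionStart;
        $this->sessionKey   = $sessionKey;
    }

    // Token bound to this session and to one variable name.
    private function token(string $varname): string
    {
        return hash_hmac('sha256', $this->sessionStart . '|' . $varname, $this->sessionKey);
    }

    // Returns a hidden field for POST, or a varname=hash pair for GET.
    public function build(string $method, string $varname): string
    {
        $hash = $this->token($varname);
        if (strtoupper($method) === 'POST') {
            return sprintf('<input type="hidden" name="%s" value="%s">',
                htmlspecialchars($varname, ENT_QUOTES), $hash);
        }
        return rawurlencode($varname) . '=' . $hash;
    }

    // True only if the request carries the token issued to this session.
    public function check(string $method, string $varname, array $get, array $post): bool
    {
        $source = strtoupper($method) === 'POST' ? $post : $get;
        $given  = $source[$varname] ?? '';
        return is_string($given) && hash_equals($this->token($varname), $given);
    }
}

// Constructed sample values.
$s = new ConfirmationDemo('2024-05-01 10:15:42.318467', bin2hex(random_bytes(16)));
parse_str($s->build('GET', 'confirm_delete'), $query);

var_dump($s->check('GET', 'confirm_delete', $query, []));                    // token issued to this session
var_dump($s->check('GET', 'confirm_delete', ['confirm_delete' => 'x'], [])); // value made up by the sender
$other = new ConfirmationDemo('2024-05-01 10:15:42.318467', bin2hex(random_bytes(16)));
var_dump($other->check('GET', 'confirm_delete', $query, []));                // token presented to another session
```

The comparison uses hash_equals() so that checking a supplied value does not leak how many leading characters matched.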

◆ Dbg()

Session::Dbg (   $whatever)

DEPRECATED Utility function to log debug stuff with printf expansion, and the ability to enable it selectively.

The enabling is done by setting a variable "$debuggroups[$group] = 1"

Parameters
string $group: The name of an arbitrary debug group.
string $whatever: A log string.
mixed $whatever,...: Further parameters to be replaced into the log string a la printf.
Deprecated:

Definition at line 233 of file Session.php.

◆ EmailTemporaryPassword()

Session::EmailTemporaryPassword (   $username,
  $email_address,
  $body_template = "" 
)

E-mails a temporary password in response to a request from a user.

This could be called from somewhere within the application that allows someone to set up a user and invite them.

This function includes EMail.php to actually send the password.

Definition at line 637 of file Session.php.

◆ FormattedDate()

Session::FormattedDate (   $indate,
  $type = 'date' 
)

Function to reformat an ISO date to something nicer and possibly more localised.

Parameters
string $indate: The ISO date to be formatted.
string $type: If 'timestamp' then the time will also be shown.
Returns
string The nicely formatted date.

Definition at line 864 of file Session.php.

◆ GetRoles()

Session::GetRoles ( )

Internal function used to get the user's roles from the database.

Definition at line 272 of file Session.php.

◆ Log()

Session::Log (   $whatever)

DEPRECATED Utility function to log stuff with printf expansion.

This function could be expanded to log something identifying the session, but somewhat strangely this has not yet been done.

Parameters
string $whatever: A log string.
mixed $whatever,...: Further parameters to be replaced into the log string a la printf.
Deprecated:

Definition at line 203 of file Session.php.

◆ Login()

Session::Login (   $username,
  $password,
  $authenticated = false 
)

Attempt to perform a login action.

This will validate the user's username and password. If they are OK then a new session id will be created and the user will be cookied with it for subsequent pages. A logged in session will be created, and the $_POST array will be cleared of the username, password and submit values. submit will also be cleared from $_GET and $GLOBALS, just in case.

Parameters
string $username: The user's login name, or at least what they entered it as.
string $password: The user's password, or at least what they entered it as.
string $authenticated: If true, then authentication has already happened and the password is not checked, though the user must still exist.
Returns
boolean Whether or not the user correctly guessed a temporary password within the necessary window of opportunity.

In case someone is running with register_globals on

Todo:
In here we will need to put code to call the auth plugin, in order to ensure the 'usr' table has current valid data. At this stage we are just thinking it through... like ...

The authenticate hook needs to:

  • Accept a username / password
  • Confirm the username / password are correct
  • Create (or update) a 'usr' record in our database
  • Return the 'usr' record as an object
  • Return === false when authentication fails

It can expect that:

  • Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
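
A hook that follows the contract listed above, as an added example that is not part of AWL. The function name, the 'directory' config key, the record fields and the in-memory $usr_table standing in for the 'usr' table are all assumptions; only $c->authenticate_hook['config'] and the return convention come from the page.

```php
<?php
// Added illustration, not AWL code. The function name, the config keys and
// the in-memory $usr_table (standing in for the 'usr' table) are assumptions.
$c = new stdClass();
$c->authenticate_hook = [
    'config' => [
        // Constructed directory: login name => password hash and profile.
        'directory' => [
            'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT),
                        'fullname' => 'Alice Example', 'email' => 'alice@example.org'],
        ],
    ],
];
$usr_table = [];

function example_authenticate_hook(string $username, string $password)
{
    global $c, $usr_table;
    $directory = $c->authenticate_hook['config']['directory'] ?? [];
    $entry = $directory[$username] ?? null;

    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($password, $entry['hash'] ?? $dummy);
    if ($entry === null || !$ok) {
        return false;   // callers must test with === false
    }

    // Create or update the local record, then hand it back as an object.
    $usr_table[$username] = (object) [
        'username' => $username,
        'fullname' => $entry['fullname'],
        'email'    => $entry['email'],
        'updated'  => date('c'),
    ];
    return $usr_table[$username];
}

$good = example_authenticate_hook('alice', 'correct horse');  // known user, right password
$bad  = example_authenticate_hook('alice', 'wrong');          // known user, wrong password
$none = example_authenticate_hook('mallory', 'anything');     // user not in the directory
var_dump($good !== false, $bad === false, $none === false, count($usr_table));
```

Because the hook returns either an object or false, the caller has to compare with === false rather than rely on a loose truthiness test.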

Definition at line 316 of file Session.php.

◆ LoginRequired()

Session::LoginRequired (   $groups = "")

Checks that this user is logged in, and presents a login screen if they aren't.

The function can optionally confirm whether they are a member of one of a list of groups, and deny access if they are not a member of any of them.

Parameters
string $groups: The list of groups that the user must be a member of one of to be allowed to proceed.
Returns
boolean Whether or not the user is logged in and is a member of one of the required groups.

Definition at line 587 of file Session.php.

◆ LSIDLogin()

Session::LSIDLogin (   $lsid)

Attempts to log in using a long-term session ID.

This is all horribly insecure, but it's hard not to be.

Parameters
string $lsid: The user's value of the lsid cookie.
Returns
boolean Whether or not the user's lsid cookie got them in the door.

Definition at line 442 of file Session.php.

◆ RenderLoginPanel()

Session::RenderLoginPanel ( )

Renders some HTML for a basic login panel.

Returns
string The HTML to display a login panel.

Definition at line 533 of file Session.php.

◆ SendTemporaryPassword()

Session::SendTemporaryPassword ( )

Sends a temporary password in response to a request from a user.

This is probably only going to be called from somewhere internal. An external caller will probably just want the e-mail, without the HTML that this displays.

Definition at line 729 of file Session.php.

Member Data Documentation

◆ $roles

Session::$roles

@access private

Definition at line 63 of file Session.php.


The documentation for this class was generated from the following file: